IOC Radar
IPMediumSignal 52/100

123.178.210.124

Location
ChinaChina
Hechi, Guangxi
ASN
AS4134
Chinanet NM
First Seen
Feb 4, 2024
Last Seen
May 29, 2026
Feb 4
First Seen
861d ago
May 29
Last Seen
16d ago
13
Reports
source reports
52%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Network Information

CountryCNChina
RegionHechi, Guangxi
ASNAS4134
OrganizationChinanet NM

Feed Intelligence Summary

13 reports52% confidence
13
Source reports
52%
Confidence score
Category tags
account compromiseactive scanactive scanningaptasiaattackaustraliaauto-generated securitybad web botblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcec2chinacisco devicecisco exploitation attemptcisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescncommand & controlcommand and controlcommunication protocolconpot honeypotcowrie attackscowrie honeypotcredential accesscredential attackcredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaea attacksdionaea honeypotdistributed attacksenterprise networkingenumerationexploitexploitationexploitation activityexploited hostfattftp brute forceftp brute-forcehackinghoneytrap datahoneytrap honeypothttp brute forcehttp scanningics securityidentity & access exploitationindicatorindustrial control systemsinjection activityinjection attacksinternet-wide scanintrusion detectioniociot securityiot targetediot/ics attackipv4lamplamp attacklamp exploitation attemptslamp stack attacklamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious activity detectedmalicious softwaremalwaremalware behaviourmalware capturenetworknetwork activitynetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork scanning activitynetwork securityoceaniap0fpassword attacksphishingphishing attackphishing trapping of deathportscanpossible malware distributionpossible mirai variantpotential malware deploymentprocess injectionprotocol exploitationreconnaissanceresearchedresource hijackingscannerscanner ipscannersscripting attackssecurity operationssensor-taggedsentrypeer botnetsentrypeer detectionservice scansftp activitysftp attacksip scanningsmtp brute forcesmtp probingsocial engineeringspamsql injectionsshssh attackssh monitoringt-pott1021t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1486t1496t1497t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1590t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanunauthorized access attemptunknown threat actorvoipvoip attackvultrweb app attackweb application attackweb application scanningweb attackweb exploitationweb spam

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This Internet Protocol (IP) address (123.178.210.124) has been identified as a significant Indicator of Compromise (IOC) with a score of 52.4, indicating a substantial risk. Its presence in threat intelligence feeds, including those specifically tracking brute force attackers and honeypot interactions, suggests its active involvement in malicious activities such as reconnaissance, attempted credential access, and potential exploitation attempts. If this IP address is found interacting with organ…

Threat ScoreMedium Risk
52
SIGNAL
Signal Score
52%
Confidence
13
Reports
First seenFeb 4, 2024
Last seenMay 29, 2026
GeolocationCN
CountryChina
LocationHechi, Guangxi
ASNAS4134
OrgChinanet NM
Coords39.9285, 116.3850

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
inetnum: 123.178.0.0 - 123.179.255.255 netname: CHINANET-NM descr: CHINANET neimeng province network descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: CH93-AP tech-c: CY690-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-NM mnt-routes: MAINT-CHINANET-NM mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:39Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: Cao Yong Gang nic-hdl: CY690-AP e-mail: [email protected] address: the 8th floorses of Postal service mansion,Train station east street,Huhhot,010020 phone: +86-471-3386960 fax-no: +86-471-3380003 country: CN mnt-by: MAINT-CHINANET-NM last-modified: 2021-05-06T02:10:03Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 16 days ago
Appeared in 13 threat reports